Do not allow users to create orphaned books #2383

New Issue

Closed

opened 2026-02-05 03:53:30 +03:00 by OVERLORD · 1 comment

OVERLORD commented 2026-02-05 03:53:30 +03:00

Owner

Copy Link

Originally created by @thesik01 on GitHub (Sep 9, 2021).

Describe the feature you'd like
Within Settings, include an option which forces non-admin users to choose a shelf for any new books they create, i.e. choosing an existing shelf is a mandatory step when a non-admin user creates a new book.

Describe the benefits this feature would bring to BookStack users
In a set-up where each non-admin user belongs to a role which only allows access to those shelves relevant to their team,
If you give a users permission to create books, you also give them permission to create books that are not associated with any shelf (and which their team members can't see), i.e. orphaned. Even if the book is moved into a shelf at a later time, it will not automatically have the right permissions. However, if it was mandatory for non-admin users to associate a new book with a shelf when it is first created, no books would be orphaned and team mates would automatically gain access. A setting to remove the 'Books' navigation link on the top menu bar for non-admin users would have the same practical effect.

Additional context
This is relevant where there are a large number of users divided into teams who don't want or need to see information related to other teams and where a strategy of a shelf per team/project has been implemented but where it is still desirable to allow any team member to create a new book within the shelves available to them. If there is a way of achieving this already, I apologise for not having been able to find it!

Originally created by @thesik01 on GitHub (Sep 9, 2021). **Describe the feature you'd like** Within Settings, include an option which forces non-admin users to choose a shelf for any new books they create, i.e. choosing an existing shelf is a mandatory step when a non-admin user creates a new book. **Describe the benefits this feature would bring to BookStack users** In a set-up where each non-admin user belongs to a role which only allows access to those shelves relevant to their team, If you give a users permission to create books, you also give them permission to create books that are not associated with any shelf (and which their team members can't see), i.e. orphaned. Even if the book is moved into a shelf at a later time, it will not automatically have the right permissions. However, if it was mandatory for non-admin users to associate a new book with a shelf when it is first created, no books would be orphaned and team mates would automatically gain access. A setting to remove the 'Books' navigation link on the top menu bar for non-admin users would have the same practical effect. **Additional context** This is relevant where there are a large number of users divided into teams who don't want or need to see information related to other teams and where a strategy of a shelf per team/project has been implemented but where it is still desirable to allow any team member to create a new book within the shelves available to them. If there is a way of achieving this already, I apologise for not having been able to find it!

OVERLORD added the :cat2:🐈 Possible duplicate label 2026-02-05 03:53:30 +03:00

OVERLORD closed this issue 2026-02-05 03:53:33 +03:00

OVERLORD commented 2026-02-05 03:53:38 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Sep 12, 2021):

Thanks for the suggestion @thesik01.

To be honest I try not to introduce options/configuration for edge-case or specific workflows where possible. Options around this relationship also get a little dicey since the book/shelf relation is more complex that your request accounts for since books can be assigned to mulitple shelves. Do know if you'd then desire further controls to limit that.

Even if the book is moved into a shelf at a later time, it will not automatically have the right permissions. However, if it was mandatory for non-admin users to associate a new book with a shelf when it is first created, no books would be orphaned and team mates would automatically gain access.

This is not how the permissions work at this time. Shelf permissions do not auto-cascade to books.

A setting to remove the 'Books' navigation link on the top menu bar for non-admin users would have the same practical effect.

Within the current release, you could achieve this via adding the following to the "Custom HTML Head Content" setting:

<style>
header .header-links a[href$="/books"] {
    display: none;
}
</style>

The overall request here very much overlaps with this existing issue #1171 so I'm going to therefore close this off as a duplicate.

@ssddanbrown commented on GitHub (Sep 12, 2021): Thanks for the suggestion @thesik01. To be honest I try not to introduce options/configuration for edge-case or specific workflows where possible. Options around this relationship also get a little dicey since the book/shelf relation is more complex that your request accounts for since books can be assigned to mulitple shelves. Do know if you'd then desire further controls to limit that. > Even if the book is moved into a shelf at a later time, it will not automatically have the right permissions. However, if it was mandatory for non-admin users to associate a new book with a shelf when it is first created, no books would be orphaned and team mates would automatically gain access. This is not how the permissions work at this time. Shelf permissions do not auto-cascade to books. > A setting to remove the 'Books' navigation link on the top menu bar for non-admin users would have the same practical effect. Within the current release, you could achieve this via adding the following to the "Custom HTML Head Content" setting: ```html <style> header .header-links a[href$="/books"] { display: none; } </style> ``` The overall request here very much overlaps with this existing issue #1171 so I'm going to therefore close this off as a duplicate.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

release

v25-12

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label :cat2:🐈 Possible duplicate

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#2383